2 min

Major UK government outsourcer Capita has revealed that it lost more than just access to MS Office.

This week Capita admitted that the cyber attack it had suffered on March 22 may have resulted in a significant data breach.

On April 3 the company, which provides outsourced IT services to a wide range of public and private organisations, announced that a cyberattack had left its employees unable to access their Microsoft Office 365 applications.

This week, however, the group issued an “update” that admitted that hackers accessed potential customer, staff and supplier data.

A “significantly restricted” incident

The company’s update is freighted with verbiage designed to minimise the potential repercussions of the cyberattack and data breach. “From our investigations to date, it appears that the incident arose following initial unauthorised access on or around 22 March and was interrupted by Capita on 31 March”, the statement reads.

Then comes the bombshell: “There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data”, the statement confirms.

The Capita update appears to be an attempt at damage control. The statement comes days after the Sunday Times reported that the ransomware gang Black Basta was selling Capita data. It did so on its leak site on the dark web. Information listed for sales, according to the Times, includes people’s phone numbers, home addresses, and details on more than 100 bank accounts.

Capita is a major IT services outsourcer

The Capita incident is alarming as the company provides billions of pounds in outsourced IT services to both public and private entities across the UK. In addition to the National Health Service (NHS) and the British Army, Royal Navy, and fire and rescue operations for the Ministry of Defence, it also serves large corporate customers like O2.

However, Capita’s update seeks to reassure: “In parallel with the services restoration activity, Capita has continued to work closely and at speed with specialist advisers and forensic experts in investigating the incident to assure any potential customer, supplier or supplier or colleague data exfiltration”.